[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 12 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25c63cc6 by security tracker role at 2022-04-12T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-29081
+ RESERVED
+CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js allows c ...)
+ TODO: check
+CVE-2022-29079
+ RESERVED
+CVE-2022-29078
+ RESERVED
+CVE-2022-29077
+ RESERVED
+CVE-2022-29076
+ RESERVED
+CVE-2022-29075
+ RESERVED
+CVE-2022-29074
+ RESERVED
+CVE-2022-29073
+ RESERVED
+CVE-2022-29072
+ RESERVED
+CVE-2022-29071
+ RESERVED
+CVE-2022-29070
+ RESERVED
+CVE-2022-29069
+ RESERVED
+CVE-2022-29068
+ RESERVED
+CVE-2022-29067
+ RESERVED
+CVE-2022-29066
+ RESERVED
+CVE-2022-29065
+ RESERVED
+CVE-2022-29064
+ RESERVED
+CVE-2022-1319
+ RESERVED
+CVE-2022-1318
+ RESERVED
+CVE-2022-1317
+ RESERVED
+CVE-2022-1316 (ZeroTierOne for windows local privilege escalation because of incorrec ...)
+ TODO: check
CVE-2022-29063
RESERVED
CVE-2022-29062
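Review bot: two of the new entries carry `TODO: check` and deserve early triage: CVE-2022-29080 concerns the npm-dependency-versions package for Node.js, so the check should include whether that module is shipped by any Debian node-* package, while CVE-2022-1316 is described as a ZeroTierOne for Windows local privilege escalation, which points to a platform-specific flaw that would not affect a Debian build even where the source package exists. The remaining RESERVED placeholders (CVE-2022-29081 down to CVE-2022-29064, CVE-2022-1319 to CVE-2022-1317) need no action until descriptions are published.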
@@ -54,8 +98,8 @@ CVE-2022-29037
RESERVED
CVE-2022-29036
RESERVED
-CVE-2022-29035
- RESERVED
+CVE-2022-29035 (In JetBrains Ktor Native before version 2.0.0 random values used for n ...)
+ TODO: check
CVE-2022-29034
RESERVED
CVE-2022-29033
@@ -73,42 +117,52 @@ CVE-2022-29028
CVE-2022-1315
RESERVED
CVE-2022-1314
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1313
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1312
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1311
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1310
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1309
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1308
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1307
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1306
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1305
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
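Review bot: the `+ RESERVED` line inserted under each of CVE-2022-1305 through CVE-2022-1314 sits above the existing `- chromium <unfixed>` and the buster/stretch end-of-life lines, which is the expected shape for IDs already mapped from a vendor advisory before MITRE publishes text; nothing to change here, but when the descriptions land the RESERVED line should be replaced rather than kept alongside them, and the `<unfixed>` status still needs the fixing chromium version once it reaches the archive.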
@@ -665,16 +719,16 @@ CVE-2022-28781
RESERVED
CVE-2022-28780
RESERVED
-CVE-2022-28779
- RESERVED
-CVE-2022-28778
- RESERVED
-CVE-2022-28777
- RESERVED
-CVE-2022-28776
- RESERVED
-CVE-2022-28775
- RESERVED
+CVE-2022-28779 (Uncontrolled search path element vulnerability in Samsung Android USB ...)
+ TODO: check
+CVE-2022-28778 (Improper access control vulnerability in Samsung Security Supporter pr ...)
+ TODO: check
+CVE-2022-28777 (Improper access control vulnerability in Samsung Members prior to vers ...)
+ TODO: check
+CVE-2022-28776 (Improper access control vulnerability in Galaxy Store prior to version ...)
+ TODO: check
+CVE-2022-28775 (Improper access control vulnerability in Samsung Flow prior to version ...)
+ TODO: check
CVE-2022-28774
RESERVED
CVE-2022-28773
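Review bot: CVE-2022-28775 through CVE-2022-28779 all describe Samsung Android components (Samsung Android USB, Security Supporter, Samsung Members, Galaxy Store, Samsung Flow); the rest of this file triages such vendor mobile software as `NOT-FOR-US: Samsung` (see the CVE-2022-25830 and CVE-2022-25829 entries further down), so the five `TODO: check` markers can most likely be resolved the same way after confirming that none of the named apps has a Debian package.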
@@ -945,8 +999,8 @@ CVE-2022-1265
RESERVED
CVE-2022-1264
RESERVED
-CVE-2022-1262
- RESERVED
+CVE-2022-1262 (A command injection vulnerability in the protest binary allows an atta ...)
+ TODO: check
CVE-2022-1261
RESERVED
CVE-2022-1260
@@ -1328,14 +1382,14 @@ CVE-2022-28546
RESERVED
CVE-2022-28545
RESERVED
-CVE-2022-28544
- RESERVED
-CVE-2022-28543
- RESERVED
-CVE-2022-28542
- RESERVED
-CVE-2022-28541
- RESERVED
+CVE-2022-28544 (Path traversal vulnerability in unzip method of InstallAgentCommonHelp ...)
+ TODO: check
+CVE-2022-28543 (Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 ...)
+ TODO: check
+CVE-2022-28542 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...)
+ TODO: check
+CVE-2022-28541 (Uncontrolled search path element vulnerability in Samsung Update prior ...)
+ TODO: check
CVE-2022-28540
RESERVED
CVE-2022-28539
@@ -1753,16 +1807,14 @@ CVE-2022-28349
RESERVED
CVE-2022-28348
RESERVED
-CVE-2022-28347 [Potential SQL injection via QuerySet.explain(**options) on PostgreSQL]
- RESERVED
+CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Django 2 ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
NOTE: https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81 (main)
NOTE: https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402 (4.0.4)
NOTE: https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d (3.2.13)
NOTE: https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5 (2.2.28)
-CVE-2022-28346 [Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()]
- RESERVED
+CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
NOTE: https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200 (main)
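Review bot: the published descriptions replace the working titles for CVE-2022-28347 and CVE-2022-28346, and in the truncated form shown here the method names carried by the old titles (QuerySet.explain(**options); QuerySet.annotate(), aggregate() and extra()) disappear from the tracker lines. The Debian status `- python-django <unfixed>` and the advisory and commit NOTE lines are preserved, which is right; consider adding a NOTE that records the affected methods so the entry stays self-explanatory, and fill in the fixed python-django version once an upload based on 2.2.28, 3.2.13 or 4.0.4 is in the archive.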
@@ -2009,8 +2061,8 @@ CVE-2022-1195
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056381
CVE-2022-1194
RESERVED
-CVE-2022-1193
- RESERVED
+CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...)
+ TODO: check
CVE-2022-1192
RESERVED
CVE-2021-46779
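Review bot: CVE-2022-1193 is an improper access control issue in GitLab CE/EE 10.7 up to 14.7.7 and is left as `TODO: check`; other GitLab issues in this file (CVE-2022-1162, CVE-2022-1099) are tracked as `- gitlab <unfixed>`, so this one should be recorded against the gitlab source package with its affected range rather than left pending.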
@@ -2390,8 +2442,8 @@ CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/
NOT-FOR-US: minewebcms
CVE-2022-1162 (A hardcoded password was set for accounts registered using an OmniAuth ...)
- gitlab <unfixed>
-CVE-2022-1161
- RESERVED
+CVE-2022-1161 (An attacker with the ability to modify a user program may change user ...)
+ TODO: check
CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository vim/vi ...)
- vim <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c/
@@ -2426,8 +2478,8 @@ CVE-2022-1158
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2a8859f373b0a86f0ece8ec8312607eacf12485d (5.18-rc1)
NOTE: https://www.openwall.com/lists/oss-security/2022/04/08/4
-CVE-2022-1157
- RESERVED
+CVE-2022-1157 (Missing sanitization of logged exception messages in all versions prio ...)
+ TODO: check
CVE-2022-1156
RESERVED
CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...)
@@ -3223,12 +3275,12 @@ CVE-2022-1099 (Adding a very large number of tags to a runner in GitLab CE/EE af
- gitlab <unfixed>
CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vu ...)
NOT-FOR-US: Delta Electronics DIAEnergie
-CVE-2021-46742
- RESERVED
+CVE-2021-46742 (The multi-window module has a vulnerability of unauthorized insertion ...)
+ TODO: check
CVE-2021-46741
RESERVED
-CVE-2021-46740
- RESERVED
+CVE-2021-46740 (The device authentication service module has a defect vulnerability in ...)
+ TODO: check
CVE-2022-27887 (Maccms v10 was discovered to contain a reflected cross-site scripting ...)
NOT-FOR-US: Maccms
CVE-2022-27886 (Maccms v10 was discovered to contain a reflected cross-site scripting ...)
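Review bot: the descriptions for CVE-2021-46742 (multi-window module) and CVE-2021-46740 (device authentication service module) follow the "The X module has a Y vulnerability" wording used by the Huawei entries elsewhere in this file (for instance CVE-2021-40064 and CVE-2021-40063, triaged `NOT-FOR-US: Huawei`); the truncated text does not name the vendor, so confirm it from the full CVE record before applying the same triage to these two `TODO: check` lines.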
@@ -3351,8 +3403,8 @@ CVE-2022-1069
RESERVED
CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to ...)
NOT-FOR-US: Modbus Tools Modbus Slave
-CVE-2022-1067
- RESERVED
+CVE-2022-1067 (Navigating to a specific URL with a patient ID number will result in t ...)
+ TODO: check
CVE-2022-27863
RESERVED
CVE-2022-27862
@@ -3389,10 +3441,10 @@ CVE-2022-27847
RESERVED
CVE-2022-27846
RESERVED
-CVE-2022-27845
- RESERVED
-CVE-2022-27844
- RESERVED
+CVE-2022-27845 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
+ TODO: check
+CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, S ...)
+ TODO: check
CVE-2022-1066
RESERVED
CVE-2022-1065
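Review bot: CVE-2022-27845 (authenticated stored cross-site scripting) and CVE-2022-27844 (arbitrary file read in the WPvivid Migration, Backup plugin) are WordPress plugin issues, which this file consistently marks `NOT-FOR-US: WordPress plugin` (as for CVE-2022-0834 and CVE-2022-25613); the two `TODO: check` lines can be resolved accordingly once the truncated CVE-2022-27845 text is confirmed to name a WordPress plugin.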
@@ -3418,52 +3470,52 @@ CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating (i.e.
NOTE: Details: https://www.openwall.com/lists/oss-security/2022/03/26/1
NOTE: https://www.openwall.com/lists/oss-security/2022/03/27/1
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/1
-CVE-2022-27843
- RESERVED
-CVE-2022-27842
- RESERVED
-CVE-2022-27841
- RESERVED
-CVE-2022-27840
- RESERVED
-CVE-2022-27839
- RESERVED
-CVE-2022-27838
- RESERVED
-CVE-2022-27837
- RESERVED
-CVE-2022-27836
- RESERVED
-CVE-2022-27835
- RESERVED
-CVE-2022-27834
- RESERVED
-CVE-2022-27833
- RESERVED
-CVE-2022-27832
- RESERVED
-CVE-2022-27831
- RESERVED
-CVE-2022-27830
- RESERVED
-CVE-2022-27829
- RESERVED
-CVE-2022-27828
- RESERVED
-CVE-2022-27827
- RESERVED
-CVE-2022-27826
- RESERVED
-CVE-2022-27825
- RESERVED
-CVE-2022-27824
- RESERVED
-CVE-2022-27823
- RESERVED
-CVE-2022-27822
- RESERVED
-CVE-2022-27821
- RESERVED
+CVE-2022-27843 (DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 all ...)
+ TODO: check
+CVE-2022-27842 (DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22 ...)
+ TODO: check
+CVE-2022-27841 (Improper exception handling in Samsung Pass prior to version 3.7.07.5 ...)
+ TODO: check
+CVE-2022-27840 (Improper access control vulnerability in SamsungRecovery prior to vers ...)
+ TODO: check
+CVE-2022-27839 (Improper authentication vulnerability in SecretMode in Samsung Interne ...)
+ TODO: check
+CVE-2022-27838 (Improper access control vulnerability in FactoryCamera prior to versio ...)
+ TODO: check
+CVE-2022-27837 (A vulnerability using PendingIntent in Accessibility prior to version ...)
+ TODO: check
+CVE-2022-27836 (Improper access control and path traversal vulnerability in StroageMan ...)
+ TODO: check
+CVE-2022-27835 (Improper boundary check in UWB firmware prior to SMR Apr-2022 Release ...)
+ TODO: check
+CVE-2022-27834 (Use after free vulnerability in dsp_context_unload_graph function of D ...)
+ TODO: check
+CVE-2022-27833 (Improper input validation in DSP driver prior to SMR Apr-2022 Release ...)
+ TODO: check
+CVE-2022-27832 (Improper boundary check in media.extractor library prior to SMR Apr-20 ...)
+ TODO: check
+CVE-2022-27831 (Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior ...)
+ TODO: check
+CVE-2022-27830 (Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 ...)
+ TODO: check
+CVE-2022-27829 (Improper validation vulnerability in VerifyCredentialResponse prior to ...)
+ TODO: check
+CVE-2022-27828 (Improper validation vulnerability in MediaMonitorEvent prior to SMR Ap ...)
+ TODO: check
+CVE-2022-27827 (Improper validation vulnerability in MediaMonitorDimension prior to SM ...)
+ TODO: check
+CVE-2022-27826 (Improper validation vulnerability in SemSuspendDialogInfo prior to SMR ...)
+ TODO: check
+CVE-2022-27825 (Improper size check in sapefd_parse_meta_HEADER function of libsapeext ...)
+ TODO: check
+CVE-2022-27824 (Improper size check of in sapefd_parse_meta_DESCRIPTION function of li ...)
+ TODO: check
+CVE-2022-27823 (Improper size check in sapefd_parse_meta_HEADER_old function of libsap ...)
+ TODO: check
+CVE-2022-27822 (Information exposure vulnerability in ril property setting prior to SM ...)
+ TODO: check
+CVE-2022-27821 (Improper boundary check in Quram Agif library prior to SMR Apr-2022 Re ...)
+ TODO: check
CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the T ...)
- zaproxy <itp> (bug #897142)
CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An information le ...)
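Review bot: the 23 entries CVE-2022-27821 through CVE-2022-27843 are all Samsung mobile software (Kies, Smart Switch PC, Samsung Pass, SamsungRecovery, the DSP driver, UWB firmware, the libsflvextractor and libsapeextractor parsers, and so on, most of them tied to "SMR Apr-2022 Release"); consistent with the `NOT-FOR-US: Samsung` triage used elsewhere in the file, these can be closed as a batch rather than checked one by one. The misspellings in the upstream text ("StroageMan" in CVE-2022-27836, "Improper size check of in" in CVE-2022-27824) come from the CVE feed and should be left as they are in the tracker.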
@@ -4015,30 +4067,30 @@ CVE-2022-27580
RESERVED
CVE-2022-27579
RESERVED
-CVE-2022-27578
- RESERVED
-CVE-2022-27577
- RESERVED
-CVE-2022-27576
- RESERVED
-CVE-2022-27575
- RESERVED
-CVE-2022-27574
- RESERVED
-CVE-2022-27573
- RESERVED
-CVE-2022-27572
- RESERVED
-CVE-2022-27571
- RESERVED
-CVE-2022-27570
- RESERVED
-CVE-2022-27569
- RESERVED
-CVE-2022-27568
- RESERVED
-CVE-2022-27567
- RESERVED
+CVE-2022-27578 (An attacker can perform a privilege escalation through the SICK OEE if ...)
+ TODO: check
+CVE-2022-27577 (The vulnerability in the MSC800 in all versions before 4.15 allows for ...)
+ TODO: check
+CVE-2022-27576 (Information exposure vulnerability in Samsung DeX Home prior to SMR Ap ...)
+ TODO: check
+CVE-2022-27575 (Information exposure vulnerability in One UI Home prior to SMR April-2 ...)
+ TODO: check
+CVE-2022-27574 (Improper input validation vulnerability in parser_iloc and sheifd_find ...)
+ TODO: check
+CVE-2022-27573 (Improper input validation vulnerability in parser_infe and sheifd_find ...)
+ TODO: check
+CVE-2022-27572 (Heap-based buffer overflow vulnerability in parser_ipma function of li ...)
+ TODO: check
+CVE-2022-27571 (Heap-based buffer overflow vulnerability in sheifd_get_info_image func ...)
+ TODO: check
+CVE-2022-27570 (Heap-based buffer overflow vulnerability in parser_single_iref functio ...)
+ TODO: check
+CVE-2022-27569 (Heap-based buffer overflow vulnerability in parser_infe function in li ...)
+ TODO: check
+CVE-2022-27568 (Heap-based buffer overflow vulnerability in parser_iloc function in li ...)
+ TODO: check
+CVE-2022-27567 (Null pointer dereference vulnerability in parser_hvcC function of libs ...)
+ TODO: check
CVE-2022-27566
RESERVED
CVE-2022-27565
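Review bot: CVE-2022-27567 through CVE-2022-27574 (parser_iloc, parser_infe, parser_ipma, parser_single_iref, parser_hvcC, sheifd_get_info_image, sheifd_find...) describe the same sheifd/parser_* image-parsing library as CVE-2022-26093 through CVE-2022-26099 further down in this patch, so the two groups should be triaged together; the library name is cut off at "li..."/"libs..." here and must be taken from the full CVE text. CVE-2022-27578 (SICK OEE) and CVE-2022-27577 (MSC800) are industrial-controller issues unrelated to the Samsung block and need their own `NOT-FOR-US` decision.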
@@ -4115,8 +4167,8 @@ CVE-2022-27530
RESERVED
CVE-2022-27529
RESERVED
-CVE-2022-27528
- RESERVED
+CVE-2022-27528 (A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 c ...)
+ TODO: check
CVE-2022-27527
RESERVED
CVE-2022-27526
@@ -4855,8 +4907,8 @@ CVE-2022-27227 (In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.
NOTE: https://www.openwall.com/lists/oss-security/2022/03/25/1
CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 ...)
NOT-FOR-US: iRZ Mobile Routers
-CVE-2022-0999
- RESERVED
+CVE-2022-0999 (An authenticated user may be able to misuse parameters to inject arbit ...)
+ TODO: check
CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel’s virtio ...)
- linux 5.15.15-1 (unimportant)
[bullseye] - linux 5.10.92-1
@@ -7254,8 +7306,8 @@ CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html
NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 (v6.2.0-rc0)
NOTE: Introduced by the original fix for CVE-2021-3748.
-CVE-2022-0835
- RESERVED
+CVE-2022-0835 (AVEVA System Platform 2020 stores sensitive information in cleartext, ...)
+ TODO: check
CVE-2022-0834 (The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0833 (The Church Admin WordPress plugin before 3.4.135 does not have authori ...)
@@ -8059,26 +8111,26 @@ CVE-2022-26101 (Fiori launchpad - versions 754, 755, 756, does not sufficiently
NOT-FOR-US: Fiori launchpad
CVE-2022-26100 (SAPCAR - version 7.22, does not contain sufficient input validation on ...)
NOT-FOR-US: SAPCAR
-CVE-2022-26099
- RESERVED
-CVE-2022-26098
- RESERVED
-CVE-2022-26097
- RESERVED
-CVE-2022-26096
- RESERVED
-CVE-2022-26095
- RESERVED
-CVE-2022-26094
- RESERVED
-CVE-2022-26093
- RESERVED
-CVE-2022-26092
- RESERVED
-CVE-2022-26091
- RESERVED
-CVE-2022-26090
- RESERVED
+CVE-2022-26099 (Null pointer dereference vulnerability in parser_infe function of libs ...)
+ TODO: check
+CVE-2022-26098 (Heap-based buffer overflow vulnerability in sheifd_create function of ...)
+ TODO: check
+CVE-2022-26097 (Null pointer dereference vulnerability in parser_unknown_property func ...)
+ TODO: check
+CVE-2022-26096 (Null pointer dereference vulnerability in parser_ispe function in libs ...)
+ TODO: check
+CVE-2022-26095 (Null pointer dereference vulnerability in parser_colr function in libs ...)
+ TODO: check
+CVE-2022-26094 (Null pointer dereference vulnerability in parser_auxC function in libs ...)
+ TODO: check
+CVE-2022-26093 (Null pointer dereference vulnerability in parser_irot function in libs ...)
+ TODO: check
+CVE-2022-26092 (Improper boundary check in Quram Agif library prior to SMR Apr-2022 Re ...)
+ TODO: check
+CVE-2022-26091 (Improper access control vulnerability in Knox Manage prior to SMR Apr- ...)
+ TODO: check
+CVE-2022-26090 (Improper access control vulnerability in SamsungContacts prior to SMR ...)
+ TODO: check
CVE-2022-26089
RESERVED
CVE-2022-26088
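Review bot: CVE-2022-26090 through CVE-2022-26099 are again Samsung entries (Knox Manage, SamsungContacts, Quram Agif, and the parser_* null-pointer dereferences in the same sheifd library as CVE-2022-27567 to CVE-2022-27574 earlier in this patch); note that CVE-2022-26092 carries an identical truncated description to CVE-2022-27821 ("Improper boundary check in Quram Agif library prior to SMR Apr-2022 Re..."), so check that they are distinct issues rather than a duplicate assignment before closing both as `NOT-FOR-US: Samsung`.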
@@ -8638,12 +8690,12 @@ CVE-2022-25835
RESERVED
CVE-2022-25834
RESERVED
-CVE-2022-25833
- RESERVED
-CVE-2022-25832
- RESERVED
-CVE-2022-25831
- RESERVED
+CVE-2022-25833 (Improper authentication in ImsService prior to SMR Apr-2022 Release 1 ...)
+ TODO: check
+CVE-2022-25832 (Improper authentication vulnerability in S Secure prior to SMR Apr-202 ...)
+ TODO: check
+CVE-2022-25831 (Improper access control vulnerability in S Secure prior to SMR Apr-202 ...)
+ TODO: check
CVE-2022-25830 (Information Exposure vulnerability in Galaxy Watch3 Plugin prior to ve ...)
NOT-FOR-US: Samsung
CVE-2022-25829 (Information Exposure vulnerability in Watch Active2 Plugin prior to ve ...)
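Review bot: CVE-2022-25831 to CVE-2022-25833 (S Secure, ImsService, "SMR Apr-2022 Release 1") sit directly above two context lines that are already triaged `NOT-FOR-US: Samsung` (CVE-2022-25830, CVE-2022-25829); the three `TODO: check` markers can be replaced with the same line.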
@@ -8749,22 +8801,22 @@ CVE-2022-25798
RESERVED
CVE-2022-25797
RESERVED
-CVE-2022-25796
- RESERVED
+CVE-2022-25796 (A Double Free vulnerability allows remote malicious actors to execute ...)
+ TODO: check
CVE-2022-25795
RESERVED
-CVE-2022-25794
- RESERVED
+CVE-2022-25794 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...)
+ TODO: check
CVE-2022-25793
RESERVED
-CVE-2022-25792
- RESERVED
-CVE-2022-25791
- RESERVED
-CVE-2022-25790
- RESERVED
-CVE-2022-25789
- RESERVED
+CVE-2022-25792 (A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...)
+ TODO: check
+CVE-2022-25791 (A Memory Corruption vulnerability for DWF and DWFX files in Autodesk A ...)
+ TODO: check
+CVE-2022-25790 (A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...)
+ TODO: check
+CVE-2022-25789 (A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022 ...)
+ TODO: check
CVE-2022-25788
RESERVED
CVE-2022-25787
@@ -9203,10 +9255,10 @@ CVE-2022-25617
RESERVED
CVE-2022-25616
RESERVED
-CVE-2022-25615
- RESERVED
-CVE-2022-25614
- RESERVED
+CVE-2022-25615 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom ...)
+ TODO: check
+CVE-2022-25614 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom ...)
+ TODO: check
CVE-2022-25613 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in F ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25612 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
@@ -11404,32 +11456,32 @@ CVE-2022-24841
RESERVED
CVE-2022-24840
RESERVED
-CVE-2022-24839
- RESERVED
-CVE-2022-24838
- RESERVED
-CVE-2022-24837
- RESERVED
-CVE-2022-24836
- RESERVED
+CVE-2022-24839 (org.cyberneko.html is an html parser written in Java. The fork of `org ...)
+ TODO: check
+CVE-2022-24838 (Nextcloud Calendar is a calendar application for the nextcloud framewo ...)
+ TODO: check
+CVE-2022-24837 (HedgeDoc is an open-source, web-based, self-hosted, collaborative mark ...)
+ TODO: check
+CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `&l ...)
+ TODO: check
CVE-2022-24835
RESERVED
CVE-2022-24834
RESERVED
-CVE-2022-24833
- RESERVED
-CVE-2022-24832
- RESERVED
+CVE-2022-24833 (PrivateBin is minimalist, open source online pastebin clone where the ...)
+ TODO: check
+CVE-2022-24832 (GoCD is an open source a continuous delivery server. The bundled gocd- ...)
+ TODO: check
CVE-2022-24831
RESERVED
CVE-2022-24830
RESERVED
-CVE-2022-24829
- RESERVED
+CVE-2022-24829 (Garden is an automation platform for Kubernetes development and testin ...)
+ TODO: check
CVE-2022-24828
RESERVED
-CVE-2022-24827
- RESERVED
+CVE-2022-24827 (Elide is a Java library that lets you stand up a GraphQL/JSON-API web ...)
+ TODO: check
CVE-2022-24826
RESERVED
CVE-2022-24825
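Review bot: this GitHub-advisory batch is not vendor-only software: CVE-2022-24836 concerns Nokogiri, which Debian ships as ruby-nokogiri, so that `TODO: check` needs an actual version check against the archive rather than a blanket `NOT-FOR-US`; CVE-2022-24839 speaks of a fork of org.cyberneko.html, so the check there must distinguish the fork from the original parser. The `&l` fragment in the CVE-2022-24836 text is an HTML entity from the upstream feed and can stay.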
@@ -11452,8 +11504,8 @@ CVE-2022-24817
RESERVED
CVE-2022-24816
RESERVED
-CVE-2022-24815
- RESERVED
+CVE-2022-24815 (JHipster is a development platform to quickly generate, develop, & ...)
+ TODO: check
CVE-2022-24814 (Directus is a real-time API and App dashboard for managing SQL databas ...)
NOT-FOR-US: Directus
CVE-2022-24813 (CreateWiki is Miraheze's MediaWiki extension for requesting & crea ...)
@@ -11474,8 +11526,8 @@ CVE-2022-24806
RESERVED
CVE-2022-24805
RESERVED
-CVE-2022-24804
- RESERVED
+CVE-2022-24804 (Discourse is an open source platform for community discussion. In stab ...)
+ TODO: check
CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor’s standard include proces ...)
- ruby-asciidoctor-include-ext <unfixed> (bug #1009035)
[bullseye] - ruby-asciidoctor-include-ext <no-dsa> (Minor issue)
@@ -11839,8 +11891,7 @@ CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim p
NOTE: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8 (v8.2.4327)
CVE-2022-0553
RESERVED
-CVE-2022-0552
- RESERVED
+CVE-2022-0552 (A flaw was found in the original fix for the netty-codec-http CVE-2021 ...)
NOT-FOR-US: Red Hat OpenShift Logging elasticsearch6 container
CVE-2022-24699
RESERVED
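Review bot: CVE-2022-0552 keeps its earlier `NOT-FOR-US: Red Hat OpenShift Logging elasticsearch6 container` triage, which was set while the entry was still RESERVED; the published description now says the flaw is in the original fix for the netty-codec-http CVE-2021-..., so re-confirm that the defect is specific to the Red Hat container build and does not apply to the netty source package before leaving the NOT-FOR-US line in place. The hunk header (-8/+7) correctly reflects the dropped RESERVED line.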
@@ -17987,12 +18038,12 @@ CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may
[stretch] - libspring-java <end-of-life>
NOTE: https://bugalert.org/content/notices/2022-03-30-spring.html
NOTE: https://tanzu.vmware.com/security/cve-2022-22965
-CVE-2022-22964
- RESERVED
+CVE-2022-22964 (VMware Horizon Client for Linux (prior to 22.x) contains a local privi ...)
+ TODO: check
CVE-2022-22963 (In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported v ...)
NOT-FOR-US: Spring Cloud Function
-CVE-2022-22962
- RESERVED
+CVE-2022-22962 (VMware Horizon Client for Linux (prior to 22.x) contains a local privi ...)
+ TODO: check
CVE-2022-22961
RESERVED
CVE-2022-22960
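Review bot: CVE-2022-22964 and CVE-2022-22962 are both described as local privilege escalation in VMware Horizon Client for Linux (prior to 22.x); "for Linux" does not imply a Debian package, and VMware products elsewhere in this file are triaged `NOT-FOR-US: VMware` (CVE-2021-22057, CVE-2021-22056), so both `TODO: check` markers should resolve the same way. The two truncated descriptions are identical, so confirm from the VMware advisory that they are distinct flaws.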
@@ -18007,8 +18058,8 @@ CVE-2022-22956
RESERVED
CVE-2022-22955
RESERVED
-CVE-2022-22954
- RESERVED
+CVE-2022-22954 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
+ TODO: check
CVE-2022-22953
RESERVED
CVE-2022-22952 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
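Review bot: CVE-2022-22954 (remote code execution in VMware Workspace ONE Access and Identity Manager) covers the same products as CVE-2021-22057 and CVE-2021-22056 further down, both `NOT-FOR-US: VMware`; resolve the `TODO: check` consistently with them.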
@@ -19551,10 +19602,10 @@ CVE-2022-22574
RESERVED
CVE-2022-22573
RESERVED
-CVE-2022-22572
- RESERVED
-CVE-2022-22571
- RESERVED
+CVE-2022-22572 (A non-admin user with user management permission can escalate his priv ...)
+ TODO: check
+CVE-2022-22571 (An authenticated high privileged user can perform a stored XSS attack ...)
+ TODO: check
CVE-2022-22570 (A buffer overflow vulnerability found in the UniFi Door Access Reader ...)
NOT-FOR-US: UniFi Door Access Reader Lite
CVE-2022-22569
@@ -22371,18 +22422,18 @@ CVE-2022-22260
RESERVED
CVE-2022-22259
RESERVED
-CVE-2022-22258
- RESERVED
-CVE-2022-22257
- RESERVED
-CVE-2022-22256
- RESERVED
-CVE-2022-22255
- RESERVED
-CVE-2022-22254
- RESERVED
-CVE-2022-22253
- RESERVED
+CVE-2022-22258 (The Wi-Fi module has an event notification vulnerability.Successful ex ...)
+ TODO: check
+CVE-2022-22257 (The customization framework has a vulnerability of improper permission ...)
+ TODO: check
+CVE-2022-22256 (The DFX module has an access control vulnerability.Successful exploita ...)
+ TODO: check
+CVE-2022-22255 (The application framework has a common DoS vulnerability.Successful ex ...)
+ TODO: check
+CVE-2022-22254 (A permission bypass vulnerability exists when the NFC CAs access the T ...)
+ TODO: check
+CVE-2022-22253 (The DFX module has a vulnerability of improper validation of integrity ...)
+ TODO: check
CVE-2022-22252
RESERVED
CVE-2022-22251
@@ -26084,8 +26135,7 @@ CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARR
NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c (v0.3.18)
NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 (v0.3.18)
NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 (v0.3.18)
-CVE-2021-4047
- RESERVED
+CVE-2021-4047 (The release of OpenShift 4.9.6 included four CVE fixes for the haproxy ...)
NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242
CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...)
NOT-FOR-US: mySCADA myPRO
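Review bot: the published description for CVE-2021-4047 (OpenShift 4.9.6 haproxy CVE fixes) confirms the existing `NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242` rationale, so keeping that line and dropping only RESERVED (header -8/+7) is the right outcome; no further change needed.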
@@ -30193,7 +30243,7 @@ CVE-2021-43517 (FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143
TODO: check
CVE-2021-43516
RESERVED
-CVE-2021-43515 (A CSV Injection vulnerablity exists in Kimai Kimai 2 > 1.14 via a d ...)
+CVE-2021-43515 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
TODO: check
CVE-2021-43514
RESERVED
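Review bot: the rewritten description for CVE-2021-43515 drops the product name that the old line carried ("Kimai Kimai 2 > 1.14"), leaving only the generic "CSV Injection (aka Excel Macro Injection or Formula Injection) exists ..." in the truncated text; when the `TODO: check` is resolved, record Kimai in the triage line (or a NOTE) so the product remains identifiable from the tracker alone.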
@@ -30341,8 +30391,8 @@ CVE-2021-43444
RESERVED
CVE-2021-43443
RESERVED
-CVE-2021-43442
- RESERVED
+CVE-2021-43442 (A Logic Flaw vulnerability exists in i3 International Inc Annexxus Cam ...)
+ TODO: check
CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...)
NOT-FOR-US: iOrder
CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...)
@@ -32011,8 +32061,8 @@ CVE-2021-43179
RESERVED
CVE-2021-43178
RESERVED
-CVE-2021-43177
- RESERVED
+CVE-2021-43177 (As a result of an incomplete fix for CVE-2015-7225, in versions of dev ...)
+ TODO: check
CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...)
NOT-FOR-US: GOautodial API
CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...)
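Review bot: CVE-2021-43177 is described as an incomplete fix for CVE-2015-7225, with the product name truncated at "versions of dev..."; the tracker's own entry for CVE-2015-7225 identifies the affected package, so the `TODO: check` should be resolved by reusing that entry's package and checking whether the Debian version carries the incomplete fix.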
@@ -35170,46 +35220,46 @@ CVE-2022-20083
RESERVED
CVE-2022-20082
RESERVED
-CVE-2022-20081
- RESERVED
-CVE-2022-20080
- RESERVED
-CVE-2022-20079
- RESERVED
-CVE-2022-20078
- RESERVED
-CVE-2022-20077
- RESERVED
-CVE-2022-20076
- RESERVED
-CVE-2022-20075
- RESERVED
-CVE-2022-20074
- RESERVED
-CVE-2022-20073
- RESERVED
-CVE-2022-20072
- RESERVED
-CVE-2022-20071
- RESERVED
-CVE-2022-20070
- RESERVED
-CVE-2022-20069
- RESERVED
-CVE-2022-20068
- RESERVED
-CVE-2022-20067
- RESERVED
-CVE-2022-20066
- RESERVED
-CVE-2022-20065
- RESERVED
-CVE-2022-20064
- RESERVED
-CVE-2022-20063
- RESERVED
-CVE-2022-20062
- RESERVED
+CVE-2022-20081 (In A-GPS, there is a possible man in the middle attack due to improper ...)
+ TODO: check
+CVE-2022-20080 (In SUB2AF, there is a possible memory corruption due to a race conditi ...)
+ TODO: check
+CVE-2022-20079 (In vow, there is a possible read of uninitialized data due to a improp ...)
+ TODO: check
+CVE-2022-20078 (In vow, there is a possible memory corruption due to a race condition. ...)
+ TODO: check
+CVE-2022-20077 (In vow, there is a possible memory corruption due to a race condition. ...)
+ TODO: check
+CVE-2022-20076 (In ged, there is a possible memory corruption due to an incorrect erro ...)
+ TODO: check
+CVE-2022-20075 (In ged, there is a possible out of bounds write due to an integer over ...)
+ TODO: check
+CVE-2022-20074 (In preloader (partition), there is a possible out of bounds write due ...)
+ TODO: check
+CVE-2022-20073 (In preloader (usb), there is a possible out of bounds write due to a i ...)
+ TODO: check
+CVE-2022-20072 (In search engine service, there is a possible way to change the defaul ...)
+ TODO: check
+CVE-2022-20071 (In ccu, there is a possible escalation of privilege due to a missing c ...)
+ TODO: check
+CVE-2022-20070 (In ssmr, there is a possible out of bounds write due to a missing boun ...)
+ TODO: check
+CVE-2022-20069 (In preloader (usb), there is a possible out of bounds write due to an ...)
+ TODO: check
+CVE-2022-20068 (In mobile_log_d, there is a possible symbolic link following due to an ...)
+ TODO: check
+CVE-2022-20067 (In mdp, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2022-20066 (In atf (hwfde), there is a possible leak of sensitive information due ...)
+ TODO: check
+CVE-2022-20065 (In ccci, there is a possible out of bounds read due to a missing bound ...)
+ TODO: check
+CVE-2022-20064 (In ccci, there is a possible leak of kernel pointer due to an incorrec ...)
+ TODO: check
+CVE-2022-20063 (In atf (spm), there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-20062 (In mdp, there is a possible memory corruption due to a use after free. ...)
+ TODO: check
CVE-2022-20061
RESERVED
CVE-2022-20060 (In preloader (usb), there is a possible permission bypass due to a mis ...)
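Review bot: the 20 new descriptions for CVE-2022-20062 through CVE-2022-20081 name MediaTek firmware and driver components (A-GPS, SUB2AF, vow, ged, preloader, ccu, ssmr, mobile_log_d, mdp, atf, ccci), matching the neighbouring entries that are already `NOT-FOR-US: Mediatek` (CVE-2022-20054, CVE-2022-20053, CVE-2022-20051 in the next hunk); the `TODO: check` markers can be closed as a batch with the same line.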
@@ -35228,8 +35278,8 @@ CVE-2022-20054 (In ims service, there is a possible AT command injection due to
NOT-FOR-US: Mediatek
CVE-2022-20053 (In ims service, there is a possible escalation of privilege due to a m ...)
NOT-FOR-US: Mediatek
-CVE-2022-20052
- RESERVED
+CVE-2022-20052 (In mdp, there is a possible memory corruption due to a use after free. ...)
+ TODO: check
CVE-2022-20051 (In ims service, there is a possible unexpected application behavior du ...)
NOT-FOR-US: Mediatek
CVE-2022-20050 (In connsyslogger, there is a possible symbolic link following due to i ...)
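Review bot: the description added for CVE-2022-20052 ("In mdp, there is a possible memory corruption due to a use after free.") is identical, as truncated, to the one for CVE-2022-20062 in the preceding hunk; check the MediaTek bulletin to confirm these are two distinct issues (or note the duplication) before marking it `NOT-FOR-US: Mediatek` like its neighbours.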
@@ -40979,8 +41029,8 @@ CVE-2021-40067 (The access controls on the Mobility read-write API improperly va
NOT-FOR-US: Mobility
CVE-2021-40066 (The access controls on the Mobility read-only API improperly validate ...)
NOT-FOR-US: Mobility
-CVE-2021-40065
- RESERVED
+CVE-2021-40065 (The communication module has a service logic error vulnerability.Succe ...)
+ TODO: check
CVE-2021-40064 (There is a heap-based buffer overflow vulnerability in system componen ...)
NOT-FOR-US: Huawei
CVE-2021-40063 (There is an improper access control vulnerability in the video module. ...)
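Review bot: CVE-2021-40065 ("The communication module has a service logic error vulnerability.Succe...") uses exactly the phrasing of the two Huawei context lines below it, CVE-2021-40064 and CVE-2021-40063, both `NOT-FOR-US: Huawei`; resolve the `TODO: check` consistently with them.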
@@ -43458,8 +43508,8 @@ CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with
NOT-FOR-US: IBM
CVE-2021-39069
RESERVED
-CVE-2021-39068
- RESERVED
+CVE-2021-39068 (IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to ...)
+ TODO: check
CVE-2021-39067
RESERVED
CVE-2021-39066 (IBM Financial Transaction Manager 3.2.4 does not invalidate session an ...)
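Review bot: CVE-2021-39068 (IBM Curam Social Program Management 8.0.1 and 7.0.11) is surrounded by IBM entries marked `NOT-FOR-US: IBM` (CVE-2021-39070 above it); the `TODO: check` can be resolved the same way.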
@@ -43734,10 +43784,10 @@ CVE-2021-38932
RESERVED
CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
-CVE-2021-38930
- RESERVED
-CVE-2021-38929
- RESERVED
+CVE-2021-38930 (IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9. ...)
+ TODO: check
+CVE-2021-38929 (IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9. ...)
+ TODO: check
CVE-2021-38928
RESERVED
CVE-2021-38927
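Review bot: CVE-2021-38930 and CVE-2021-38929 carry identical truncated descriptions ("IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9. ..."), so the distinguishing detail lies beyond the cut-off; confirm from the IBM bulletin that they are separate issues, then close both like the adjacent `NOT-FOR-US: IBM` entry (CVE-2021-38931).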
@@ -45805,8 +45855,8 @@ CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus Ar
NOT-FOR-US: Micro Focus
CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
NOT-FOR-US: Micro Focus
-CVE-2021-38125
- RESERVED
+CVE-2021-38125 (Unauthenticated remote code execution in Micro Focus Operations Bridge ...)
+ TODO: check
CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...)
NOT-FOR-US: Micro Focus
CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, affecti ...)
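Review bot: CVE-2021-38125 is an unauthenticated remote code execution in Micro Focus Operations Bridge ..., the highest-severity item in this hunk, and sits between Micro Focus entries already triaged `NOT-FOR-US: Micro Focus` (CVE-2021-38126, CVE-2021-38124); resolve the `TODO: check` accordingly.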
@@ -47934,10 +47984,10 @@ CVE-2021-37295
RESERVED
CVE-2021-37294
RESERVED
-CVE-2021-37293
- RESERVED
-CVE-2021-37292
- RESERVED
+CVE-2021-37293 (A Directory Traversal vulnerability exists in KevinLAB Inc Building En ...)
+ TODO: check
+CVE-2021-37292 (An Access Control vulnerability exists in KevinLAB Inc Building Energy ...)
+ TODO: check
CVE-2021-37291 (An SQL Injection vulnerability exists in KevinLAB Inc Building Energy ...)
TODO: check
CVE-2021-37290
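Review bot: CVE-2021-37293 and CVE-2021-37292 join CVE-2021-37291 (the context line below, also still `TODO: check`) as KevinLAB Building Energy Management issues; triage all three KevinLAB entries in one pass so their status does not drift apart.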
@@ -48837,8 +48887,8 @@ CVE-2021-36912
RESERVED
CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36910
- RESERVED
+CVE-2021-36910 (Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in W ...)
+ TODO: check
CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36908 (Cross-Site Request Forgery (CSRF) vulnerability leading to Database Re ...)
@@ -48865,14 +48915,14 @@ CVE-2021-36898
RESERVED
CVE-2021-36897
RESERVED
-CVE-2021-36896
- RESERVED
+CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
+ TODO: check
CVE-2021-36895
RESERVED
CVE-2021-36894
RESERVED
-CVE-2021-36893
- RESERVED
+CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
+ TODO: check
CVE-2021-36892
RESERVED
CVE-2021-36891
@@ -48961,12 +49011,12 @@ CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Med
NOT-FOR-US: WordPress plugin
CVE-2021-36849
RESERVED
-CVE-2021-36848
- RESERVED
+CVE-2021-36848 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2021-36847
RESERVED
-CVE-2021-36846
- RESERVED
+CVE-2021-36846 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
+ TODO: check
CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36844
@@ -85747,8 +85797,8 @@ CVE-2021-22057 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain
NOT-FOR-US: VMware
CVE-2021-22056 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity M ...)
NOT-FOR-US: VMware
-CVE-2021-22055
- RESERVED
+CVE-2021-22055 (The SchedulerServer in Vmware photon allows remote attackers to inject ...)
+ TODO: check
CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...)
NOT-FOR-US: VMware
CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
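Review bot: CVE-2021-22055 names the SchedulerServer in VMware Photon (the vendor's own Linux distribution) as allowing remote attackers to inject ...; the surrounding VMware entries (CVE-2021-22056, CVE-2021-22054) are `NOT-FOR-US: VMware`, and a Photon OS component has no Debian counterpart, so the `TODO: check` can be resolved the same way.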
@@ -90885,13 +90935,17 @@ CVE-2021-20607 (Integer Underflow vulnerability in Mitsubishi Electric GX Works2
NOT-FOR-US: Mitsubishi
CVE-2021-20606 (Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 vers ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+CVE-2021-20605
+ REJECTED
NOT-FOR-US: Mitsubishi
-CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+CVE-2021-20604
+ REJECTED
NOT-FOR-US: Mitsubishi
-CVE-2021-20603 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+CVE-2021-20603
+ REJECTED
NOT-FOR-US: Mitsubishi
-CVE-2021-20602 (Improper Handling of Exceptional Conditions vulnerability in GOT2000 s ...)
+CVE-2021-20602
+ REJECTED
NOT-FOR-US: Mitsubishi
CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 model a ...)
NOT-FOR-US: Mitsubishi
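Review bot: CVE-2021-20602 through CVE-2021-20605 switch to REJECTED while their `NOT-FOR-US: Mitsubishi` lines stay; the removed descriptions were near-identical GOT2000 GT21 text, so the rejection looks like a consolidation of duplicate assignments. Worth confirming against the MITRE record which ID, if any, absorbed them, so that the surviving entry's triage carries any extra references from these four.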
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25c63cc668546070eae55e61b6eed04f37ac8dc3